A misconfigured PPP daemon can be a devastating security breach. It can
be as bad as letting anyone plug in their machine into your Ethernet
(and that is very bad). In this section, we will discuss a few measures
that should make your PPP configuration safe.

One problem with pppd is that to configure the network device
and the routing table, it requires root privilege. You will
usually solve this by running it setuid root. However,
pppd allows users to set various security-relevant options. To
protect against any attacks a user may launch by manipulating these
options, it is suggested you set a couple of default values in the
global /etc/ppp/options file, like those shown in the sample
file in section-. Some of them, such as the
authentication options, cannot be overridden by the user, and so
provide a reasonable protection against manipulations.

Of course, you have to protect yourself from the systems you speak PPP
with, too. To fend off hosts posing as someone else, you should
always some sort of authentication from your peer. Additionally, you
should not allow foreign hosts to use any IP-address they choose, but
restrict them to at least a few. The following section will deal with
these topics.